For most IT managers, the word “compliance” may not evoke any particular response. Within either human resources or finance, though, sneaking up behind a manager and even just whispering the word may precipitate a violent response. Word to the wise: duck!

Of course, in specific industries - such as telecommunications and finance - IT has always had a role in compliance activities. But compliance is now a concern for all IT, especially for IT departments in publicly traded companies.

Compliance refers to the activities required by regulators to ensure that two actions are being performed: verification and enforcement. In the case of human resources, for example, Equal Employment Opportunity Commission regulations require certain standards for the treatment of employees. These standards must be enforced within the organization, and verification or audits must be performed periodically to ensure that the standards have not been violated.

Another area with heavy compliance responsibility is finance. As might be expected, financial reporting required by various regulatory agencies - for example the SEC - is an important activity in finance departments. Until recently, financial reporting was pretty much a quarterly exercise with quarterly reports called 10Qs and then one major annual filing referred to as a 10K. These reports, required for publicly traded companies, are intended to provide fair disclosure of important financial information so that investors can make informed investment decisions. Typically, the chief financial officer was required to sign these filings and attest to the accuracy of the reporting.

Scandals such as Enron and WorldCom, of course, tainted the entire reporting process. Congress, in its infinite wisdom, decided to do something about the accuracy of reporting. The so-called Sarbanes-Oxley Act of 2002, or SOA, was passed to ensure that financial reporting could be trusted by investors. Aside from all of the verbiage in the act, the way it sets out to do this is twofold.

First, financial reporting now requires that both the CEO and CFO sign off on financial reports. This requires that CEOs, in particular, legally attested to the accuracy of the reports. Second, and more important from an IT perspective, CEOs are required to attest to the accuracy of the process used to generate the numbers in the first place. CEOs who lie get to go to jail and pay hefty fines. Their companies can be liable for significant penalties as well.

Denise Dubie is senior editor with Network World.